question

YatinBhatia-9009 avatar image
0 Votes"
YatinBhatia-9009 asked GiftA-MSFT edited

Data Privacy in Azure Cloud while Data Storage & Model Training

I am working as a Data Scientist at Rxlogix & like deploy Azure Custom Language Translator for our Clients.
But there are few Questions/Concerns on which Client wants to get clarification.

1) Data Access while stored in Active Directory
Concern :-- I understand that Rxlogix Data remains only in Azure Active Directory and no other Client can access it but need to know what are actual circumstances in which MicroSoft Engineers can access the Client’s (Rxlogix) Data. This is based on these Two points mentioned in Section - “Isolation from Microsoft Administrators & Data Deletion” in Reference doc #2.

  Two Points  
  1.1) Microsoft engineers do not have default access to your data in the cloud. Instead, they are granted access, under management oversight, only when necessary. That access is carefully controlled and logged, and revoked when it is no longer needed. 
 1.2) Microsoft may hire other companies to provide limited services on its behalf. Subcontractors may access customer data only to deliver the services for which, we have hired them to provide, and they are prohibited from using it for any other purpose. Further, they are contractually bound to maintain the confidentiality of our customers’ information.

2) Data Access while Training Model
Concern :-- Can Model Training for Custom Translator occur in Dedicated Machines so that no Data moves out of the system. We actually like to know what happens to data when Model Training occurs.


Reference Docs -
1) https://docs.microsoft.com/en-us/azure/security/fundamentals/isolation-choices
2) https://docs.microsoft.com/en-us/azure/security/fundamentals/infrastructure-components

These concerns are important for us to provide Confidence to our Clients.
Hope to get reply soon from ur End.

azure-security-centerazure-translator
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

GiftA-MSFT avatar image
0 Votes"
GiftA-MSFT answered GiftA-MSFT edited

Hi, thanks for reaching out. Accordinng to Azure Translator Confidentiality Document:

The documents you upload using Custom Translator (portal or APIs) are stored encrypted in your workspace. If you signed up for a Translator subscription with customer-managed keys, you may use it by associating your Translator subscription with a new workspace in Custom Translator. Custom Translator uses your uploaded documents exclusively to provide your personalized translation system and does not use it for any other purpose. The documents you upload to Custom Translator will be stored in the Azure region you selected when you created your Translator key until you delete them or until your account expires.

You may invite whoever you like into the workspace, identified by an email address and authenticated with a Microsoft Account. You are responsible for initiating and controlling such sharing. The people you designate as co-owner have the same access to your training material and training runs that you have. Microsoft will not share the data with anyone else.

Translation requests to your custom models via Translator on Azure are no trace— there will be no record of the submitted text, or portion thereof, in any Microsoft data center.

There's currently no option for dedicated machines, however, data is encrypted using Microsoft Managed Keys and you can set up your own Customer Managed Keys. By default, Microsoft engineers don't have access to your data unless you grant access (e.g. troubleshooting, etc.) but if you need further clarification on those two points, my suggestion is to clarify with the doc author. Hope this helps.


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.